On Thu, 05 Jul 2001, Philip S Tellis spewed into the ether:
> I always thought that traceroute uses a time-exceeded ICMP packet to find routes, but my ipchains logs show that it is actually trying to connect on various UDP ports around 33440 (above and below).
Unix traceroute by default sends UDP packets. On Windows, the default is ICMP. The principle of traceroute is that UDP packets are sent out with different TTLs. When a router meets a packet with an expired TTL, it sends an ICMP error message back to the sender host. You will get incoming ICMP traffic when doing a traceroute. Use the -i option on Linux to get traceroute to use ICMP.
Linux starts at 33438; Solaris starts at 33435.
The ports are defined in the man page for traceroute.
Devdas Bhagat
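
Added example, not part of the original message: one way to recognise the UDP traceroute pattern described above in firewall log records, so the entries are not mistaken for a port scan. It assumes outbound packets already parsed into `(src, dst, proto, dport, ttl)` tuples in log order; the port window, the function name and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumed port window: 33434 is the classic traceroute base port and each
# probe uses the next port up; the thread reports first ports 33435 and 33438.
PORT_LO, PORT_HI = 33434, 33534

# Constructed sample records (not real logs): (src, dst, proto, dport, ttl)
SAMPLE = [
    ("192.0.2.10", "198.51.100.7", "udp", 33435, 1),
    ("192.0.2.10", "198.51.100.7", "udp", 33436, 1),
    ("192.0.2.10", "198.51.100.7", "udp", 33437, 1),
    ("192.0.2.10", "198.51.100.7", "udp", 33438, 2),
    ("192.0.2.10", "198.51.100.7", "udp", 33439, 2),
    ("192.0.2.10", "198.51.100.7", "udp", 33440, 2),
    ("192.0.2.10", "198.51.100.9", "udp", 53, 64),     # ordinary DNS query
    ("192.0.2.44", "198.51.100.7", "udp", 33500, 64),  # lone packet in window
    ("192.0.2.44", "198.51.100.7", "tcp", 33436, 64),  # wrong protocol
]

def find_traceroute_flows(records, min_probes=3, max_gap=3):
    """Return {(src, dst): summary} for flows that look like UDP traceroute."""
    flows = defaultdict(list)
    for src, dst, proto, dport, ttl in records:
        if proto == "udp" and PORT_LO <= dport <= PORT_HI:
            flows[(src, dst)].append((dport, ttl))
    hits = {}
    for key, probes in flows.items():
        if len(probes) < min_probes:
            continue
        ports = [p for p, _ in probes]
        ttls = [t for _, t in probes]
        # Ports climb one per probe; max_gap tolerates a few missing log lines.
        ports_climb = all(0 < b - a <= max_gap for a, b in zip(ports, ports[1:]))
        # The sender raises the TTL hop by hop, so it never goes down.
        ttls_climb = all(b >= a for a, b in zip(ttls, ttls[1:]))
        if ports_climb and ttls_climb:
            hits[key] = {"first_port": ports[0], "last_port": ports[-1],
                         "probes": len(ports), "max_ttl": max(ttls)}
    return hits

if __name__ == "__main__":
    for flow, summary in find_traceroute_flows(SAMPLE).items():
        print(flow, summary)
```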